Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment.
The MiniUPnP project offers software which supports the UPnP Internet Gateway Device (IGD) specifications.
For the purposes of this article I'll assume you're familiar with setting up NAT under FreeBSD using OpenBSD Packet Filter. I'll also assume that your machine is up, routing and translating traffic correctly and is protected by OpenBSD Packet Filter (PF).Print This Post
SSHGuard monitors logging activity and reacts to attacks by blocking their source IP addresses. sshguard has born for protecting SSH servers from the today's widespread brute force attacks, and evolved to an extensible log supervisor for blocking attacks to applications in real-time.
SSHGuard is given log messages in its standard input. By means of a parser, it decides whether an entry is normal activity or attack. After a number of attacks, the IP address is blocked with the firewall.
These are the available blocking backends:
- SSHGuard with PF (OpenBSD, FreeBSD, NetBSD, DragonFly BSD)
- SSHGuard with IP FILTER (FreeBSD, NetBSD, Solaris)
- SSHGuard with IPFW (FreeBSD, Mac OS X)
- SSHGuard with netfilter/iptables (Linux)
- SSHGuard with TCP wrappers / hosts.allow (almost any UNIX system)
This article is a step-by-step guide about how to set up OpenBSD system that will act as a network router that takes advantage of the OpenBSD's PF packet filter.
1. OpenBSD Installation
Install OpenBSD by using this tutorial.
Now that you have OpenBSD installed, lets proceed with the next step.
2. OpenBSD Network Configuration
The network interface is configured at boot time using the /etc/hostname.if files, where if will be replaced by the full name of your interface, for the example above, /etc/hostname.xl0.
The layout of this file is simple:
address_family address netmask broadcast [other options]Print This Post
In this article I'll show you some tricks to help you securing your OpenSSH service. Here you will find useful information on how to secure sshd and prevent ssh dictionary attack.
1. SSH security by tweaking sshd_config
The OpenSSH server configuration file is located in /etc/ssh/sshd_config. You need to restart sshd after every change you make to that file in order for changes to take effect.
- Change port number
Moving the SSH daemon off of port 22 protects you against automated attacks which assume that sshd is running on port 22.
- Allow only SSH protocol 2
Only SSH protocol version 2 connections should be permitted. Version 1 of the protocol contains security vulnerabilities. The default setting shipped in the configuration file is correct, but it's important to check.
Protocol 2Print This Post
This tutorial explains how to set up a FreeBSD system that will act as a network router that takes advantage of the ported version of OpenBSD's PF packet filter. A network router is a system that forwards packets from one interface to another.
1. FreeBSD Installation
Install FreeBSD by using this tutorial.
Now that you have FreeBSD installed, lets proceed with the next step.
2. FreeBSD Network Configuration
Open /etc/rc.conf in your favorite editor. You need to add a line for each network card present on the system, for example in our case we'll use two network cards:Print This Post